CYBERSECURITYTALKS – PART 5

Traditional Security awareness seems to be a kind of burden and necessary evil. Online trainings were designed and rolled out but do not deliver expected changes in behavior. What should we do different? Or what works from your point of view? Incident Response plans are still quite weak and often not really tested in a real life scenario. How do you see IRP and handling?